[Ltb-users] Active directory Password

admin admin at webmerchantsinc.com
Thu May 26 17:48:27 CEST 2011


Hello Jonathan,
Try to verify your ldap bind cridentials with ldapsearch utility:
**ldapsearch -x -b "DC=DOMAIN,DC=COM" -D 
"CN=your_admin_account,OU=DOMAIN.com,DC=DOMAIN,DC=com" -h 192.168.1.1 -p 
389 -w ****** "(sAMAccountName=username_you_want_to_find)"

Does they work ?

On 5/26/2011 5:48 PM, MEKLAT Jonathan wrote:
>
> *Jonathan MEKLAT*
>
> Informatique Interne
>
> cid:image008.png at 01CA4C2A.7EA37760
>
> /19, Rue du Général FOY 75008 PARIS/
>
> /*t*+33 (0)1 58 22 81 40/*f*+33 (0)1 45 22 12 95/ interne 3181
>
> / *gsm*+33 (0)6 85 43 09 54/
>
> /*e*_informatique.interne at effitic.com 
> <mailto:informatique.interne at effitic.com>_/
>
> /*e*_jonathan.meklat at effitic.com <mailto:jonathan.meklat at effitic.com>_/
>
> / www.*effitic*.com <http://www.effitic.com/>/
>
> cid:image009.png at 01CA4C2A.7EA37760* Adoptez l'éco-attitude.
> N'**imprimez ce mail que si c'est vraiment nécessaire*
>
> *De :*MEKLAT Jonathan [mailto:jonathan.meklat at effitic.com]
> *Envoyé :* jeudi 26 mai 2011 16:48
> *À :* 'admin'
> *Cc :* 'ltb-users at lists.ltb-project.org'
> *Objet :* RE: [Ltb-users] Active directory Password
>
> *Jonathan MEKLAT*
>
> Informatique Interne
>
> cid:image008.png at 01CA4C2A.7EA37760
>
> /19, Rue du Général FOY 75008 PARIS/
>
> /*t*+33 (0)1 58 22 81 40/*f*+33 (0)1 45 22 12 95/ interne 3181
>
> / *gsm*+33 (0)6 85 43 09 54 /
>
> /*e*_informatique.interne at effitic.com 
> <mailto:informatique.interne at effitic.com>_/
>
> /*e*_jonathan.meklat at effitic.com <mailto:jonathan.meklat at effitic.com>_/
>
> / www.*effitic*.com <http://www.effitic.com/>/
>
> cid:image009.png at 01CA4C2A.7EA37760* Adoptez l'éco-attitude.
> N'**imprimez ce mail que si c'est vraiment nécessaire*
>
> *De :*MEKLAT Jonathan [mailto:jonathan.meklat at effitic.com]
> *Envoyé :* jeudi 26 mai 2011 16:46
> *À :* 'admin'
> *Cc :* 'ltb-users at lists.ltb-project.org'
> *Objet :* RE: [Ltb-users] Active directory Password
>
> Hello,
>
> He is more information
>
> When I try to test with this option only :
>
> *TLS_REQCERT allow*
>
> I've this error message :
>
> *Warning: ldap_bind() [**function.ldap-bind 
> <http://password.effitic.com/function.ldap-bind>**]: Unable to bind to 
> server: Invalid credentials in /var/www/password/pages/change.php on 
> line 68*
>
> **
>
> When I try to test with this option only :
>
> *TLS_CACERT /etc/ssl/certnew.cer*
>
> I've this error message :
>
> *Warning: ldap_bind() [**function.ldap-bind 
> <http://password.effitic.com/function.ldap-bind>**]: Unable to bind to 
> server: Can't contact LDAP server in 
> /var/www/password/pages/change.php on line 68*
>
> **
>
> Can you help me please ?
>
> Regards,
>
> *Jonathan MEKLAT*
>
> Informatique Interne
>
> cid:image008.png at 01CA4C2A.7EA37760
>
> /19, Rue du Général FOY 75008 PARIS/
>
> /*t*+33 (0)1 58 22 81 40/*f*+33 (0)1 45 22 12 95/ interne 3181
>
> / *gsm*+33 (0)6 85 43 09 54 /
>
> /*e*_informatique.interne at effitic.com 
> <mailto:informatique.interne at effitic.com>_/
>
> /*e*_jonathan.meklat at effitic.com <mailto:jonathan.meklat at effitic.com>_/
>
> / www.*effitic*.com <http://www.effitic.com/>/
>
> cid:image009.png at 01CA4C2A.7EA37760* Adoptez l'éco-attitude.
> N'**imprimez ce mail que si c'est vraiment nécessaire*
>
> *De :*MEKLAT Jonathan [mailto:jonathan.meklat at effitic.com]
> *Envoyé :* mardi 24 mai 2011 11:01
> *À :* 'admin'
> *Cc :* 'ltb-users at lists.ltb-project.org'
> *Objet :* RE: [Ltb-users] Active directory Password
>
> Hello,
>
> I don't have any answer from your side.
>
> Do you have news about my problem ?
>
> Regards,
>
> *Jonathan MEKLAT*
>
> Informatique Interne
>
> cid:image008.png at 01CA4C2A.7EA37760
>
> /19, Rue du Général FOY 75008 PARIS/
>
> /*t*+33 (0)1 58 22 81 40/*f*+33 (0)1 45 22 12 95/ interne 3181
>
> / *gsm*+33 (0)6 85 43 09 54 /
>
> /*e*_informatique.interne at effitic.com 
> <mailto:informatique.interne at effitic.com>_/
>
> /*e*_jonathan.meklat at effitic.com <mailto:jonathan.meklat at effitic.com>_/
>
> / www.*effitic*.com <http://www.effitic.com/>/
>
> cid:image009.png at 01CA4C2A.7EA37760* Adoptez l'éco-attitude.
> N'**imprimez ce mail que si c'est vraiment nécessaire*
>
> *De :*MEKLAT Jonathan [mailto:jonathan.meklat at effitic.com]
> *Envoyé :* vendredi 20 mai 2011 11:07
> *À :* 'admin'
> *Cc :* 'ltb-users at lists.ltb-project.org'
> *Objet :* RE: [Ltb-users] Active directory Password
>
> Yes.
>
> Here is the right in Active Directory for this user :
>
> -Administrator
>
> -DnsAdmins
>
> -DnsUpdateProxy
>
> -Domains Admin
>
> -Domain Users
>
> -Enterprise Admins
>
> -Schema Admins
>
> -Users
>
> Regards,
>
> *Jonathan MEKLAT*
>
> Informatique Interne
>
> cid:image008.png at 01CA4C2A.7EA37760
>
> /19, Rue du Général FOY 75008 PARIS/
>
> /*t*+33 (0)1 58 22 81 40/*f*+33 (0)1 45 22 12 95/ interne 3181
>
> / *gsm*+33 (0)6 85 43 09 54 /
>
> /*e*_informatique.interne at effitic.com 
> <mailto:informatique.interne at effitic.com>_/
>
> /*e*_jonathan.meklat at effitic.com <mailto:jonathan.meklat at effitic.com>_/
>
> / www.*effitic*.com <http://www.effitic.com/>/
>
> cid:image009.png at 01CA4C2A.7EA37760* Adoptez l'éco-attitude.
> N'**imprimez ce mail que si c'est vraiment nécessaire*
>
> *De :*admin [mailto:admin at webmerchantsinc.com]
> *Envoyé :* vendredi 20 mai 2011 10:59
> *À :* MEKLAT Jonathan
> *Cc :* ltb-users at lists.ltb-project.org
> *Objet :* Re: [Ltb-users] Active directory Password
>
> *$ldap_binddn = "cn=Jonathan Meklat,ou=utilisateurs,dc=domain,dc=local";*
>
> Is this user is a Domain admin ?
>
> On 5/20/2011 11:40 AM, MEKLAT Jonathan wrote:
>
> Thank you for your answer.
>
> I check and it don't work.
>
> Here is my ldap settings :
>
> *$ldap_url = "ldaps://domainsrv.domain.local:636" 
> <ldaps://domainsrv.domain.local:636>;*
>
> *$ldap_binddn = "cn=Jonathan Meklat,ou=utilisateurs,dc=domain,dc=local";*
>
> *$ldap_bindpw = "******";*
>
> *$ldap_base = "ou=utilisateurs,dc=domain,dc=local";*
>
> *$ldap_filter = "(&(objectCategory=user)(sAMAccountName={login}))";*
>
> **
>
> You will find my ldap.conf in attachment.
>
> Here now the error message :
>
> The password is refused.
>
> Regards,
>
> *Jonathan MEKLAT*
>
> Informatique Interne
>
> cid:image008.png at 01CA4C2A.7EA37760
>
> /19, Rue du Général FOY 75008 PARIS/
>
> /*t*+33 (0)1 58 22 81 40/*f*+33 (0)1 45 22 12 95/ interne 3181
>
> / *gsm*+33 (0)6 85 43 09 54/
>
> /*e*_informatique.interne at effitic.com 
> <mailto:informatique.interne at effitic.com>_/
>
> /*e*_jonathan.meklat at effitic.com <mailto:jonathan.meklat at effitic.com>_/
>
> / www.*effitic*.com <http://www.effitic.com/>/
>
> cid:image009.png at 01CA4C2A.7EA37760* Adoptez l'éco-attitude.
> N'**imprimez ce mail que si c'est vraiment nécessaire*
>
> *De :*admin [mailto:admin at webmerchantsinc.com]
> *Envoyé :* vendredi 20 mai 2011 10:23
> *À :* MEKLAT Jonathan
> *Cc :* ltb-users at lists.ltb-project.org 
> <mailto:ltb-users at lists.ltb-project.org>
> *Objet :* Re: [Ltb-users] Active directory Password
>
> Hello Jonathan,
> This is my ldap settings in :
> config.inc.php
>
> $ldap_url = "ldaps://pdc.mydomain.com:636" <ldaps://pdc.mydomain.com:636>;
> $ldap_binddn = "CN=passwordchanger,OU=Staff.com,DC=MYDOMAIN,DC=com";
> $ldap_bindpw = "******";
> $ldap_base = "dc=MYDOMAIN,dc=COM";
> $ldap_filter = "(&(objectClass=user)(sAMAccountName={login}))";
>
> Also, try to test with this option:
> nano /etc/ldap/ldap.conf
> TLS_REQCERT allow
>
> On 5/20/2011 11:10 AM, MEKLAT Jonathan wrote:
>
> Hello all,
>
> I try to set up the solution Self-service Password with an Active 
> Directory but I meet problems.
> I believed to understand that it was necessary to be in 
> LDAPS://servername:(636) <LDAPS://servername:%28636%29> to be able to 
> change the password with the application.
>
> It is there that appears my problem given that I can't change the 
> active directory password.
> Logins is found well but the change of password is made and several 
> errors generate.
>
> I installed a certificate of security on the controller of domain to 
> allow the connection ldaps, but it's not possible since my server 
> accommodating Self-service Password.
>
> I use Debian 5.
>
> Would you have a complete procedure to set up this solution with 
> active directory please?
>
> Thank you by advance
>
> PS : Errors:
>
> */Warning: ldap_connect() [/**/function.ldap-connect 
> <http://10.1.0.247/password/function.ldap-connect>/**/]: Could not 
> create session handle: Bad parameter to an ldap routine 
> in/var/www/password/pages/change.php/**//**/on line/**//**/62/**/
> Warning: ldap_set_option(): supplied argument is not a valid ldap link 
> resource in/var/www/password/pages/change.phpon line63
> Warning: ldap_set_option(): supplied argument is not a valid ldap link 
> resource in/var/www/password/pages/change.phpon line64
> Warning: ldap_bind() expects parameter 1 to be resource, boolean given 
> in/var/www/password/pages/change.phpon line68
> Warning: ldap_errno(): supplied argument is not a valid ldap link 
> resource in/var/www/password/pages/change.phpon line73
> Warning: ldap_search(): supplied argument is not a valid ldap link 
> resource in/var/www/password/pages/change.phpon line81
> Warning: ldap_errno(): supplied argument is not a valid ldap link 
> resource in/var/www/password/pages/change.phpon line83
> Warning: ldap_first_entry(): supplied argument is not a valid ldap 
> link resource in/var/www/password/pages/change.phpon line90
> Warning: ldap_get_dn(): supplied argument is not a valid ldap link 
> resource in/var/www/password/pages/change.phpon line91/*
>
> Regards,
>
> *Jonathan MEKLAT
> *cid:image008.png at 01CA4C2A.7EA37760*
> */19, Rue du Général FOY 75008 PARIS/
> /*t*+33 (0)1 58 22 81 40 /*f*+33 (0)1 45 22 12 95/ interne 3181
> / *gsm*+33 (0)6 85 43 09 54 /
> /*e*_informatique.interne at effitic.com 
> <mailto:informatique.interne at effitic.com>_/
> /*e*_jonathan.meklat at effitic.com <mailto:jonathan.meklat at effitic.com>_/
>
> / www.*effitic*.com <http://www.effitic.com/>/
>
> cid:image009.png at 01CA4C2A.7EA37760* Adoptez l'éco-attitude.
> N'**imprimez ce mail que si c'est vraiment nécessaire*
>
>   
>   
> _______________________________________________
> ltb-users mailing list
> ltb-users at lists.ltb-project.org  <mailto:ltb-users at lists.ltb-project.org>
> http://lists.ltb-project.org/listinfo/ltb-users
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-users/attachments/20110526/84eb42f4/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 6376 bytes
Desc: not available
URL: <http://lists.ltb-project.org/pipermail/ltb-users/attachments/20110526/84eb42f4/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 1547 bytes
Desc: not available
URL: <http://lists.ltb-project.org/pipermail/ltb-users/attachments/20110526/84eb42f4/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 78455 bytes
Desc: not available
URL: <http://lists.ltb-project.org/pipermail/ltb-users/attachments/20110526/84eb42f4/attachment-0005.png>


More information about the ltb-users mailing list